In a distributed computer system, data storage is typically performed by a centralized storage server or by multiple storage nodes. Networked clients may store files in and retrieve files from this system and use the storage system as a shared data repository. For example, files may be shared by a client retrieving and reading a file previously stored by another client. As another example, several different clients may contribute to a single file, such as by modifying the file.
Computer system users and organizations are becoming increasingly dependent upon shared, networked data. As this dependence increases, the need to protect this data from prying or malicious persons becomes increasingly critical. There are currently a number of data security schemes for networked computing environments. However, two principal conventional approaches each have their drawbacks.
One conventional data security approach is to encrypt the data on the server. In such a system, the clients typically perform the encryption prior to uploading their files to the server. And, since filenames are often chosen by users for their ability to accurately describe the contents stored in the associated data file, the entire directory structure, including filenames and files, is typically encrypted in such a scheme. A drawback is that the server has limited ability to perform file management and space management functions, since it has limited access to the files and to the directory. Alternatively, the server maintains control of the underlying file system. This allows improved file management functionality of the server. In such a system, however, the server needs to be trusted or else an attack on the server might allow unauthorized persons to access file information.
Another conventional approach is to provide security protection for communications between the storage server and clients. Accordingly, the data is often stored as plaintext (not encrypted), but is then encrypted for transmission and decrypted upon reception. This protects the data against eavesdroppers on insecure communication channels. However, this does not protect against an untrustworthy server, such as where servers are shared among several administrative domains, nor does this scheme protect against attacks directly on the server. Another disadvantage of this scheme is that the server needs to perform encryption and decryption as requests are made. This requires that the server have sufficient processing power and also tends to increase latency for accesses to the server.
Therefore, what is needed is an improved technique for securing data in a storage system that does not suffer from the aforementioned drawbacks. In addition, such a technique should allow different access capabilities for clients who share a file, such as to prevent those clients who are authorized only to read a file from making changes to the file. It is to these ends that the present invention is directed.
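The following is an added illustration of the first conventional approach (client-side encryption of both file contents and filenames) and of the read-only sharing problem raised in the last paragraph; it is not code from the patent and does not describe the invention's own mechanism. It uses only the Python standard library, so two constructed substitutes appear: an HMAC-SHA256 counter-mode keystream stands in for a real cipher such as AES-GCM, and a Lamport one-time signature stands in for a real signature scheme. The `StorageServer` class, the `hide_name`, `seal`, `open_blob` and `lamport_*` functions, the file name and the file contents are all assumptions made for the example.

```python
"""Client-side encryption of names and contents, and why a shared key alone
cannot separate read-only clients from writers. Added example; toy primitives."""
import hashlib
import hmac
import secrets


def _sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def _subkey(master: bytes, label: bytes) -> bytes:
    # Derive independent keys for naming, encryption and MAC from one master key.
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed stand-in for a stream cipher: HMAC in counter mode.
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def seal(master: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the client: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_blob(master: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on any modification."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("blob fails authentication")
    ks = _keystream(_subkey(master, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def hide_name(master: bytes, filename: str) -> str:
    # Deterministic, so the same client can look the file up again; the server
    # only ever sees this opaque string, never the descriptive filename.
    return hmac.new(_subkey(master, b"name"), filename.encode(), hashlib.sha256).hexdigest()


class StorageServer:
    """Stores opaque blobs. Sizes stay visible (space management still works),
    but names and contents do not."""
    def __init__(self):
        self.blobs = {}
    def put(self, name, blob): self.blobs[name] = blob
    def get(self, name): return self.blobs[name]
    def used_bytes(self): return sum(len(b) for b in self.blobs.values())
    def names(self): return sorted(self.blobs)


# Lamport one-time signature: the writer holds sk, readers hold only pk.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_sha256(a), _sha256(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    h = _sha256(msg)
    return [(h[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):  # each key pair signs exactly one message
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return all(_sha256(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))


def demo() -> dict:
    master = secrets.token_bytes(32)          # shared with every client that may read
    server = StorageServer()
    name = hide_name(master, "payroll-2023.xlsx")   # constructed filename
    server.put(name, seal(master, b"salary table (constructed sample)"))
    server_sees_plain_name = "payroll-2023.xlsx" in server.names()

    # With one shared symmetric key, a client meant to be read-only can upload a
    # replacement that every other client accepts as genuine.
    server.put(name, seal(master, b"forged salary table"))
    forged_accepted = open_blob(master, server.get(name)) == b"forged salary table"

    # Separating a signing key (writers) from a verification key (readers) lets
    # readers detect, and the server reject, a write by a read-only client.
    sk, pk = lamport_keygen()
    genuine = seal(master, b"salary table (constructed sample)")
    sig = lamport_sign(sk, genuine)
    forged = seal(master, b"forged again")  # a reader has pk only, so reuses sig
    return {"server_sees_plain_name": server_sees_plain_name,
            "forged_accepted_with_shared_key": forged_accepted,
            "genuine_accepted": lamport_verify(pk, genuine, sig),
            "reader_forgery_rejected": not lamport_verify(pk, forged, sig),
            "server_used_bytes": server.used_bytes()}


if __name__ == "__main__":
    print(demo())
```

The `demo` function walks the sequence described above: the server holds only opaque names and authenticated ciphertext (approach one, with the space-management information still available to it), every holder of the shared key can overwrite a file undetectably (the read-only problem of the last paragraph), and giving writers a separate signing key is one way to make such writes detectable.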